added further lookups for LMS.

added independent setting of DigestAlgorithm for LMS (via ExtendedContentSigner).

Author: dghgit

pkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java

@@ -10,6 +10,7 @@
 import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.DigestCalculator;
 import org.bouncycastle.operator.DigestCalculatorProvider;
+import org.bouncycastle.operator.ExtendedContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 
 /**
@@ -146,7 +147,22 @@ private SignerInfoGenerator createGenerator(ContentSigner contentSigner, SignerI
         }
         else
         {
-            digester = digestProvider.get(digAlgFinder.find(contentSigner.getAlgorithmIdentifier()));
+            if (contentSigner instanceof ExtendedContentSigner)
+            {
+                digester = digestProvider.get(((ExtendedContentSigner)contentSigner).getDigestAlgorithmIdentifier());
+            }
+            else
+            {
+                AlgorithmIdentifier digAlg = digAlgFinder.find(contentSigner.getAlgorithmIdentifier());
+                if (digAlg != null)
+                {
+                    digester = digestProvider.get(digAlg);
+                }
+                else
+                {
+                    throw new OperatorCreationException("no digest algorithm specified for signature algorithm");
+                }
+            }
         }
 
         if (directSignature)

pkix/src/main/java/org/bouncycastle/operator/DefaultAlgorithmNameFinder.java

@@ -56,7 +56,9 @@ private static void addAlgorithm(ASN1ObjectIdentifier algOid, String algorithmNa
         addAlgorithm(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
         addAlgorithm(BCObjectIdentifiers.falcon_512, "FALCON");
         addAlgorithm(BCObjectIdentifiers.falcon_1024, "FALCON");
-        
+
+        addAlgorithm(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig, "LMS");
+
         addAlgorithm(NISTObjectIdentifiers.id_ml_dsa_44, "ML-DSA-44");
         addAlgorithm(NISTObjectIdentifiers.id_ml_dsa_65, "ML-DSA-65");
         addAlgorithm(NISTObjectIdentifiers.id_ml_dsa_87, "ML-DSA-87");

pkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java

@@ -192,8 +192,6 @@ public class DefaultDigestAlgorithmIdentifierFinder
 
         digestOids.put(EdECObjectIdentifiers.id_Ed25519, NISTObjectIdentifiers.id_sha512);
 
-        digestOids.put(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig, NISTObjectIdentifiers.id_sha256);
-
         digestNameToOids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
         digestNameToOids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
         digestNameToOids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
@@ -299,6 +297,8 @@ private static void addDigestAlgId(ASN1ObjectIdentifier oid, boolean withNullPar
         digestOidToAlgIds.put(oid, algId);
     }
 
+    public static DigestAlgorithmIdentifierFinder INSTANCE = new DefaultDigestAlgorithmIdentifierFinder();
+
     public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)
     {
         ASN1ObjectIdentifier sigAlgOid = sigAlgId.getAlgorithm();
@@ -324,6 +324,12 @@ public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)
             digAlgOid = (ASN1ObjectIdentifier)digestOids.get(sigAlgOid);
         }
 
+        if (digAlgOid == null)
+        {
+            return null;
+        }
+
+        // keep looking!
         return find(digAlgOid);
     }
 

pkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java

@@ -432,6 +432,7 @@ private static void addDigestOid(ASN1ObjectIdentifier signatureOid, ASN1ObjectId
         noParams.add(BCObjectIdentifiers.dilithium3_aes);
         noParams.add(BCObjectIdentifiers.dilithium5_aes);
 
+        noParams.add(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
         noParams.add(NISTObjectIdentifiers.id_ml_dsa_44);
         noParams.add(NISTObjectIdentifiers.id_ml_dsa_65);
         noParams.add(NISTObjectIdentifiers.id_ml_dsa_87);

pkix/src/main/java/org/bouncycastle/operator/DefaultSignatureNameFinder.java

@@ -94,6 +94,8 @@ private static void addSignatureName(ASN1ObjectIdentifier sigOid, String sigName
         addSignatureName(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
         addSignatureName(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
 
+        addSignatureName(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig, "LMS");
+
         addSignatureName(NISTObjectIdentifiers.id_ml_dsa_44, "ML-DSA-44");
         addSignatureName(NISTObjectIdentifiers.id_ml_dsa_65, "ML-DSA-65");
         addSignatureName(NISTObjectIdentifiers.id_ml_dsa_87, "ML-DSA-87");

pkix/src/main/java/org/bouncycastle/operator/ExtendedContentSigner.java

@@ -0,0 +1,18 @@
+package org.bouncycastle.operator;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+/**
+ * A Content Signer which also provides details of the digest algorithm used internally.
+ */
+public interface ExtendedContentSigner
+    extends ContentSigner
+{
+    /**
+     * Return the algorithm identifier describing the signature
+     * algorithm and parameters this signer generates.
+     *
+     * @return algorithm oid and parameters.
+     */
+    AlgorithmIdentifier getDigestAlgorithmIdentifier();
+}

pkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java

@@ -37,6 +37,7 @@
 import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.ExtendedContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.RuntimeOperatorException;
 import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
@@ -60,6 +61,7 @@ public class JcaContentSignerBuilder
     }
 
     private final String signatureAlgorithm;
+    private final AlgorithmIdentifier signatureDigestAlgorithm;
 
     private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
     private SecureRandom random;
@@ -68,14 +70,26 @@ public class JcaContentSignerBuilder
     private AlgorithmParameterSpec sigAlgSpec;
 
     public JcaContentSignerBuilder(String signatureAlgorithm)
+    {
+        this(signatureAlgorithm, (AlgorithmIdentifier)null);
+    }
+
+    public JcaContentSignerBuilder(String signatureAlgorithm, AlgorithmIdentifier signatureDigestAlgorithmID)
     {
         this.signatureAlgorithm = signatureAlgorithm;
+        this.signatureDigestAlgorithm = signatureDigestAlgorithmID;
     }
 
     public JcaContentSignerBuilder(String signatureAlgorithm, AlgorithmParameterSpec sigParamSpec)
     {
-        this.signatureAlgorithm = signatureAlgorithm;
+        this(signatureAlgorithm, sigParamSpec, null);
+    }
 
+    public JcaContentSignerBuilder(String signatureAlgorithm, AlgorithmParameterSpec sigParamSpec, AlgorithmIdentifier signatureDigestAlgorithmID)
+    {
+        this.signatureAlgorithm = signatureAlgorithm;
+        this.signatureDigestAlgorithm = signatureDigestAlgorithmID;
+        
         if (sigParamSpec instanceof PSSParameterSpec)
         {
             PSSParameterSpec pssSpec = (PSSParameterSpec)sigParamSpec;
@@ -160,7 +174,7 @@ public ContentSigner build(PrivateKey privateKey)
                 sig.initSign(privateKey);
             }
 
-            return new ContentSigner()
+            final ContentSigner contentSigner = new ContentSigner()
             {
                 private OutputStream stream = OutputStreamFactory.createStream(sig);
 
@@ -186,6 +200,39 @@ public byte[] getSignature()
                     }
                 }
             };
+
+            if (signatureDigestAlgorithm != null)
+            {
+                return new ExtendedContentSigner()
+                {
+                    private final AlgorithmIdentifier digestAlgorithm = signatureDigestAlgorithm;
+                    private final ContentSigner signer = contentSigner;
+
+                    public AlgorithmIdentifier getDigestAlgorithmIdentifier()
+                    {
+                        return digestAlgorithm;
+                    }
+
+                    public AlgorithmIdentifier getAlgorithmIdentifier()
+                    {
+                        return signer.getAlgorithmIdentifier();
+                    }
+
+                    public OutputStream getOutputStream()
+                    {
+                        return signer.getOutputStream();
+                    }
+
+                    public byte[] getSignature()
+                    {
+                        return signer.getSignature();
+                    }
+                };
+            }
+            else
+            {
+                return contentSigner;
+            }
         }
         catch (GeneralSecurityException e)
         {

pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java

@@ -24,6 +24,10 @@
 import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.CMSAttributes;
 import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.cms.SignerInfo;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaCertStore;
 import org.bouncycastle.cms.CMSException;
@@ -55,6 +59,9 @@ public class PQCSignedDataTest
     private static String _origDN;
     private static KeyPair _origKP;
     private static X509Certificate _origCert;
+
+    private static KeyPair _origLmsKP;
+    private static X509Certificate _origLmsCert;
     private static KeyPair _origFalconKP;
     private static X509Certificate _origFalconCert;
     private static KeyPair _origPicnicKP;
@@ -67,6 +74,8 @@ public class PQCSignedDataTest
     private static String _signDN;
     private static KeyPair _signKP;
     private static X509Certificate _signCert;
+    private static KeyPair _signLmsKP;
+    private static X509Certificate _signLmsCert;
     private static KeyPair _signFalconKP;
     private static X509Certificate _signFalconCert;
     private static KeyPair _signPicnicKP;
@@ -137,6 +146,12 @@ private static void init()
             _signKP = PQCTestUtil.makeKeyPair();
             _signCert = PQCTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN);
 
+            _origLmsKP = PQCTestUtil.makeLmsKeyPair();
+            _origLmsCert = PQCTestUtil.makeCertificate(_origLmsKP, _origDN, _origLmsKP, _origDN);
+
+            _signLmsKP = PQCTestUtil.makeLmsKeyPair();
+            _signLmsCert = PQCTestUtil.makeCertificate(_signLmsKP, _signDN, _origLmsKP, _origDN);
+
             _origFalconKP = PQCTestUtil.makeFalconKeyPair();
             _origFalconCert = PQCTestUtil.makeCertificate(_origFalconKP, _origDN, _origFalconKP, _origDN);
 
@@ -276,6 +291,81 @@ public void testFalconEncapsulated()
         }
     }
 
+    public void testLmsEncapsulated()
+        throws Exception
+    {
+        List certList = new ArrayList();
+        CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
+
+        certList.add(_origLmsCert);
+        certList.add(_signLmsCert);
+
+        Store certs = new JcaCertStore(certList);
+
+        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
+
+        DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
+
+        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("LMS", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).setProvider(BC).build(_origLmsKP.getPrivate()), _origLmsCert));
+
+        gen.addCertificates(certs);
+
+        CMSSignedData s = gen.generate(msg, true);
+
+        ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
+        ASN1InputStream aIn = new ASN1InputStream(bIn);
+
+        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+
+        certs = s.getCertificates();
+
+        SignerInformationStore signers = s.getSignerInfos();
+
+        Collection c = signers.getSigners();
+        Iterator it = c.iterator();
+
+        while (it.hasNext())
+        {
+            SignerInformation signer = (SignerInformation)it.next();
+            Collection certCollection = certs.getMatches(signer.getSID());
+
+            Iterator certIt = certCollection.iterator();
+            X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
+
+            assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert)));
+
+            //
+            // check content digest
+            //
+
+            byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(signer.getDigestAlgOID());
+
+            AttributeTable table = signer.getSignedAttributes();
+            Attribute hash = table.get(CMSAttributes.messageDigest);
+
+            assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
+        }
+    }
+
+    public void testTryLmsSettings()
+        throws Exception
+    {
+        DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
+
+        try
+        {
+            new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("LMS").setProvider(BC).build(_origLmsKP.getPrivate()), _origLmsCert).generate(PKCSObjectIdentifiers.data);
+        }
+        catch (OperatorCreationException e)
+        {
+            assertEquals("no digest algorithm specified for signature algorithm", e.getMessage());
+        }
+
+        SignerInfo sigInfo = new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("LMS", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).setProvider(BC).build(_origLmsKP.getPrivate()), _origLmsCert).generate(PKCSObjectIdentifiers.data);
+
+        assertEquals(sigInfo.getDigestAlgorithm(), new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
+    }
+
     public void testPicnicEncapsulated()
         throws Exception
     {

pkix/src/test/java/org/bouncycastle/cms/test/PQCTestUtil.java

@@ -22,9 +22,13 @@
 import org.bouncycastle.jce.X509KeyUsage;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.pqc.crypto.lms.LMOtsParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSigParameters;
 import org.bouncycastle.pqc.jcajce.interfaces.FalconKey;
+import org.bouncycastle.pqc.jcajce.interfaces.LMSKey;
 import org.bouncycastle.pqc.jcajce.interfaces.PicnicKey;
 import org.bouncycastle.pqc.jcajce.spec.FalconParameterSpec;
+import org.bouncycastle.pqc.jcajce.spec.LMSKeyGenParameterSpec;
 import org.bouncycastle.pqc.jcajce.spec.PicnicParameterSpec;
 import org.bouncycastle.pqc.jcajce.spec.SPHINCS256KeyGenParameterSpec;
 import org.bouncycastle.pqc.jcajce.spec.SPHINCSPlusParameterSpec;
@@ -51,6 +55,16 @@ public static KeyPair makeSphincsPlusKeyPair()
         return kpGen.generateKeyPair();
     }
 
+    public static KeyPair makeLmsKeyPair()
+        throws Exception
+    {
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("LMS", "BCPQC");
+
+        kpGen.initialize(new LMSKeyGenParameterSpec(LMSigParameters.lms_sha256_n32_h5, LMOtsParameters.sha256_n32_w1), new SecureRandom());
+
+        return kpGen.generateKeyPair();
+    }
+
     public static KeyPair makeFalconKeyPair()
         throws Exception
     {
@@ -116,6 +130,10 @@ else if (issPriv instanceof SLHDSAKey)
         {
             sigGen = new JcaContentSignerBuilder("SLH-DSA").setProvider("BC").build(issPriv);
         }
+        else if (issPriv instanceof LMSKey)
+        {
+            sigGen = new JcaContentSignerBuilder("LMS").setProvider("BC").build(issPriv);
+        }
         else
         {
             sigGen = new JcaContentSignerBuilder("SHA512withSPHINCS256").setProvider("BCPQC").build(issPriv);